-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 09/16/2010 05:13 PM, Nicky726 wrote: > Dne Čt 16. září 2010 21:22:07 jste napsal(a): >> On 09/16/2010 12:16 PM, Nicky726 wrote: >>> Hello, >>> >>> while working on confinement of selected KDE apps, I came to following >>> issue: >>> >>> Directories ~/.config, ~/.local, ~/.local/share (and possibly others) are >>> labeled as config_home_t, gconf_home_t and data_home_t all owned by gnome >>> module. These directories are used by much more programs than just GNOME, >>> ranging from KDE apps, pure Qt or GTK apps to for exaple ibus. User's >>> trash is also put in one of those. >>> Therefore I think, that the directories should be labeled with types that >>> are owned by another application/DE unspecific module (Dominick Grift in >>> conversation mentioned these are part of freedesktop specifications, so >>> I guess it can be named eg. freedesktop). And their naming should also >>> resign from application specific names, which is the case of >>> gconf_home_t for ~/.local. >>> >>> Regards, >>> Ondrej Vadinsky >> >> That is fine, and messages like this should go to the refpolicy mail >> list. refpolicy@xxxxxxxxxxxxxx > > Those types seem to be part of Fedora SELinux policy, I could not find them in > refpolicy, therefore I wrote to Fedora mailing list. > >> We have lots of types that have used specific applications and ended up >> being used by other applications. We have not gone back and changed the >> names, mainly because of the hassle. For example. >> >> /usr/bin/epiphany -- system_u:object_r:mozilla_exec_t:s0 > > Uh, ok, if you say so. > > Regards, > Ondrej Vadinsky > BTW I am not arguing with you and since they are not in refpolicy yet, it makes it easier to change them. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.16 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAkySjVgACgkQrlYvE4MpobOubQCdGzilPuXdfG14pnmZlsrkaeSu +c0AniORKRJMkLBoYAbAynSuKCku2A8D =F+x5 -----END PGP SIGNATURE----- -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
